
OSPF Lab 4.1 – OSPF Authentication (Plain Text) - (ATech)

Topology Diagram
ATech Reference Topology 1 (OSPF Area 0)

atech_R1 (Fa0/0: 12.12.12.1/24, Lo: 1.1.1.1/32) ---- 12.12.12.0/24 ---- atech_R2 (Fa0/0: 12.12.12.2/24, Lo: 2.2.2.2/32)

Task
Task: Enable Plain-Text OSPF Authentication on R1 and R2 in Area 0. R1 should be able to ping R2’s loopback after this.

Related Info:
- OSPF Process ID: 1
- OSPF Areas: Area 0
- All loopback IPs and interface IPs are shown in the topology diagram
- Router interface IPs and loopback IPs are already configured (so that you can focus on the OSPF and authentication configuration and analysis)

Background
What is OSPF Authentication?
Routing protocols exchange reachability information between routers. To route traffic correctly, it is necessary to
prevent malicious or incorrect routing information from getting introduced into the routing table. This can be done
by authenticating the routing updates exchanged between routers.
OSPF supports two types of authentication:
i. Plain Text Authentication: also called Type 1; it uses simple clear-text passwords
ii. MD5 Authentication: also called Type 2; it uses MD5 cryptographic passwords

Null Authentication, also called Type 0, means no authentication at all: no authentication information is included in the packet header. It is the default option. Authentication is an optional feature. However, if it is set, all peer routers on the same segment must have the same password and authentication method.
Let’s see how to configure Plain Text Authentication in OSPF with the example below.

facebook.com/ATechIT1 Youtube.com/c/ATechIT Linkedin.com/company/ATechIT/ Aurumme.com/ATech Your Feedback, Comments are Welcomed: waqas@aurumme.com
Solution

Step1: Enable the OSPF protocol on the routers. Assign Process ID 1 to the new OSPF process:
atech_R1(config)#router ospf 1
atech_R2(config)#router ospf 1

Step2: Enable OSPF on Router Interfaces connected to each other:


atech_R1(config-router)#network 12.12.12.0 0.0.0.255 area 0
atech_R2(config-router)#network 12.12.12.0 0.0.0.255 area 0

Step3: Enable OSPF on Loopback Interfaces:


atech_R1(config-router)#network 1.1.1.1 255.255.255.255 area 0
atech_R2(config-router)#network 2.2.2.2 255.255.255.255 area 0

Step4: Before enabling Authentication, let’s first verify that the OSPF Neighborship is UP and pings are OK between R1 & R2’s Loopbacks:

Step5: Enable OSPF Authentication on R1 & R2’s interfaces connected to each other:
atech_R1(config)#int fa0/0
atech_R1(config-if)#ip ospf authentication
atech_R1(config-if)#ip ospf authentication-key atech123

OSPF Authentication must always be enabled on both sides of a link.
Therefore, as soon as we enable OSPF Authentication on only one side of the link, we get an authentication error and the link goes down (which can be verified by debugging OSPF):

atech_R1#debug ip ospf events
OSPF events debugging is on
atech_R1#
00:21:08: OSPF: Rcv pkt from 12.12.12.2, FastEthernet0/0 : Mismatch Authentication type. Input packet specified type 0, we use type 1
00:21:28: OSPF: Rcv pkt from 12.12.12.2, FastEthernet0/0 : Mismatch Authentication type. Input packet specified type 0, we use type 1
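
The Background section and the debug output above both come down to two fields in the 24-byte OSPFv2 packet header: AuType and the 8-byte authentication field. The following is an added example, not part of the original lab; the function names are hypothetical, the headers are constructed, and the returned messages are paraphrases that identify the sender by router ID rather than reproducing IOS output.

```python
import socket
import struct

# OSPFv2 packet header, RFC 2328 A.3.1 (24 bytes): version, type, length,
# router ID, area ID, checksum, AuType, 8-byte authentication field.
OSPF_HDR = struct.Struct("!BBH4s4sHH8s")
AU_NAMES = {0: "null", 1: "plain text", 2: "MD5"}


def build_header(router_id, area_id, autype, key=b""):
    """Constructed Hello header only (no body, checksum left at 0)."""
    auth = key.ljust(8, b"\x00")[:8] if autype == 1 else bytes(8)
    return OSPF_HDR.pack(2, 1, OSPF_HDR.size, socket.inet_aton(router_id),
                         socket.inet_aton(area_id), 0, autype, auth)


def auth_field(packet):
    """Return (AuType, raw authentication bytes) exactly as sent on the wire."""
    fields = OSPF_HDR.unpack(packet[:OSPF_HDR.size])
    return fields[6], fields[7]


def check_auth(packet, local_autype, local_key=b""):
    """Receiver-side decision: AuType must match first, then the type 1 key."""
    router_id = socket.inet_ntoa(OSPF_HDR.unpack(packet[:OSPF_HDR.size])[3])
    autype, auth = auth_field(packet)
    if autype != local_autype:
        return (f"drop {router_id}: mismatch authentication type, "
                f"packet type {autype}, we use type {local_autype}")
    if autype == 1 and auth != local_key.ljust(8, b"\x00")[:8]:
        return f"drop {router_id}: mismatch authentication key"
    return f"accept {router_id}: {AU_NAMES[autype]} authentication"


if __name__ == "__main__":
    r2_before = build_header("2.2.2.2", "0.0.0.0", 0)              # R2 before it is configured
    r2_after = build_header("2.2.2.2", "0.0.0.0", 1, b"atech123")  # R2 after it is configured
    print(check_auth(r2_before, 1, b"atech123"))
    print(check_auth(r2_after, 1, b"atech123"))
    print(auth_field(r2_after))  # the type 1 key sits unmodified in the header
```

Because the Type 1 key is carried unmodified in every header, it only guards against accidental misconfiguration; MD5 (Type 2) keeps the key itself off the wire.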

Let’s enable Authentication on the other side of the link as well to clear the error and bring the OSPF Adjacency UP again:
atech_R2(config)#int fa0/0
atech_R2(config-if)#ip ospf authentication
atech_R2(config-if)#ip ospf authentication-key atech123

The OSPF Neighborship is UP again now that Authentication is enabled on the other side of the link as well, as shown below:
00:21:48: OSPF: Rcv hello from 2.2.2.2 area 0 from FastEthernet0/0 12.12.12.2
00:21:55: OSPF: Send DBD to 2.2.2.2 on FastEthernet0/0 seq 0x67d3 opt 0x00 flag 0x0 len 32
00:21:55: OSPF: Rcv DBD from 2.2.2.2 on FastEthernet0/0 seq 0x67d4 opt 0x00 flag 0x1 len 32 mtu 1500 state EXCHANGE
00:21:55: OSPF: Send DBD to 2.2.2.2 on FastEthernet0/0 seq 0x67d4 opt 0x00 flag 0x0 len 32
00:21:55: Exchange Done with 2.2.2.2 on FastEthernet0/0
00:21:55: Synchronized with with 2.2.2.2 on FastEthernet0/0, state FULL
00:21:55: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on FastEthernet0/0 from LOADING to FULL, Loading Done

*Important:
Authentication can also be enabled for a whole area instead of interface by interface. OSPF authentication can be enabled in two ways:
1. Per Interface: authentication is enabled per interface using the #ip ospf authentication command
2. Whole Area Authentication: authentication for the area is enabled using the #area <area-id> authentication command under the OSPF process
In this example, we use the first method. You can practice the second method yourself; it is simpler to configure.

Verification
Verification1
First, let’s verify whether OSPF Authentication is in place:

Verification2
Now, let’s further verify the OSPF neighborships and that pings are OK between R1 & R2’s Loopbacks after enabling Authentication:

OSPF Neighborships are UP/FULL and both routers can ping each other. It shows that our configuration has been
successful.

Other relevant OSPF Verification/Show Commands:
R1#show ip ospf interface fa0/0 | i Authentication (check the current OSPF Authentication status on an interface)
R1#show ip ospf interface (check the current OSPF interface detail and DR/BDR status)
R1#show ip ospf neighbor (check the OSPF neighbor’s detail)
R1#show ip ospf (check the current OSPF Detail and Router ID)
R1#show ip ospf interface (check the current OSPF interfaces on a Router)

Complete Solution
Below is the complete solution containing all commands from scratch, if you want to simulate it yourself in Packet Tracer or GNS3:

Atech_R1
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 12.12.12.1 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key atech123
 no shutdown
!
router ospf 1
 network 12.12.12.0 0.0.0.255 area 0
 network 0.0.0.0 255.255.255.255 area 0

Atech_R2
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 12.12.12.2 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key atech123
 no shutdown
!
router ospf 1
 network 12.12.12.0 0.0.0.255 area 0
 network 0.0.0.0 255.255.255.255 area 0
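
A pre-change check for the failure seen in this lab, written as an added example that is not part of the original handout: it reads the per-interface OSPF authentication commands from both routers' configurations and reports a mismatch before the adjacency drops. The function names and sample configs are constructed for illustration, and area-level authentication is assumed not to be in use.

```python
import re

# Constructed configs: R1 with authentication enabled, R2 not yet touched.
R1_CFG = """interface FastEthernet0/0
 ip address 12.12.12.1 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key atech123
router ospf 1
 network 12.12.12.0 0.0.0.255 area 0
"""
R2_CFG = """interface FastEthernet0/0
 ip address 12.12.12.2 255.255.255.0
router ospf 1
 network 12.12.12.0 0.0.0.255 area 0
"""


def interface_auth(config):
    """Map interface name -> [AuType, key] from per-interface commands only."""
    result, name = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        start = re.match(r"interface (\S+)$", line)
        if start:
            name = start.group(1)
            result[name] = [0, None]          # type 0 (null) is the default
        elif line.startswith("router "):
            name = None                        # left interface context
        elif name and line == "ip ospf authentication":
            result[name][0] = 1
        elif name and line == "ip ospf authentication message-digest":
            result[name][0] = 2
        elif name and line.startswith("ip ospf authentication-key "):
            result[name][1] = line.split(None, 3)[3]
    return result


def audit_link(cfg_a, if_a, cfg_b, if_b):
    """Findings for one link; an empty list means nothing to report."""
    type_a, key_a = interface_auth(cfg_a)[if_a]
    type_b, key_b = interface_auth(cfg_b)[if_b]
    findings = []
    if type_a != type_b:
        findings.append(f"AuType mismatch ({type_a} vs {type_b}): adjacency will drop")
    elif type_a == 1 and key_a != key_b:
        findings.append("plain-text key mismatch: adjacency will drop")
    if 1 in (type_a, type_b):
        findings.append("type 1 in use: key is sent as clear text")
    return findings
```

Running `audit_link(R1_CFG, "FastEthernet0/0", R2_CFG, "FastEthernet0/0")` on the constructed configs reports the type 1 versus type 0 mismatch; once both sides match, only the clear-text finding remains.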

Relevant Files
Packet Tracer and GNS3 Files:
https://web.facebook.com/groups/ATechIT/253257801899078/
https://web.facebook.com/groups/ATechIT/253257735232418/
